Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Nov 24, 2025Ravie LakshmananCloud Security / Vulnerability Multiple security vendors are sounding…
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Cybersecurity researchers have disclosed details of a new campaign that leverages a…
Enterprise Credentials at Risk – Same Old, Same Old?
Nov 07, 2025The Hacker NewsData Protection / Cloud Security Imagine this: Sarah…
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Oct 24, 2025Ravie LakshmananDevOps / Malware Cybersecurity researchers have discovered a self-propagating…
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Oct 10, 2025Ravie LakshmananCybercrime / Malware Cybersecurity researchers have flagged a new…
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with…
Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks
The financially motivated threat actor known as Storm-0501 has been observed refining…
Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data
Aug 27, 2025Ravie LakshmananCloud Security / Threat Intelligence A widespread data theft…
What Attackers Are Doing With Them
When an organization's credentials are leaked, the immediate consequences are rarely visible—but…